Docker Engine version 29 release notes (original) (raw)
This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 29.
For more information about:
- Deprecated and removed features, see Deprecated Engine Features.
- Changes to the Engine API, seeEngine API version history. 2026-06-03
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Reduce
docker system dferrors when images are pruned at the same time with the containerd image store. moby/moby#52672
Packaging updates
- Update containerd (static binaries only) to v2.2.4. moby/moby#52683
- Update Go runtime to 1.26.4. moby/moby#52753, docker/cli#7025
Rootless
- Fix AWS IMDS access with
gvisor-tap-vsockand UDP port forwarding for non-loopback clients. moby/moby#52710 - Fix installation of plugins that require host networking. moby/moby#52735
- Update RootlessKit to v3.0.1. moby/moby#52710 2026-05-20
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix a regression introduced in 29.5.1 where
docker cpfailed with "mkdirat: file exists" when a container had a bind mount whose target traversed an in-container symlink (e.g./var/run -> /run). moby/moby#52655 2026-05-18
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release includes fixes for multiple security vulnerabilities affecting Docker Engine.
- CVE-2026-41567 Fix a vulnerability in
docker cpwhere archive decompression binaries (e.g.xz,unpigz) were resolved viaPATHinside the container filesystem while running as host root, allowing a malicious container to execute arbitrary binaries with host root privileges.
GHSA-x86f-5xw2-fm2r - CVE-2026-41568 Fix a TOCTOU vulnerability in
docker cpthat allowed a container process to create files or directories at arbitrary locations on the host filesystem.
GHSA-vp62-88p7-qqf5 - CVE-2026-42306 Fix a TOCTOU vulnerability in
docker cpthat allowed a container process to redirect a bind mount to an arbitrary location on the host filesystem.
GHSA-rg2x-37c3-w2rh
Networking
- Fix UDP conntrack entries not being deleted when not bound to a specific IP address. moby/moby#52640 2026-05-14
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Rootless:
gvisor-tap-vsockis now the new default rootless network driver and should be preferred overslirp4netnswhich is no longer installed via Docker packaging.
New
- Rootless: Add new default
gvisor-tap-vsocknetwork driver. moby/moby#52319 - Enable private time namespace for containers by default on supported kernels. moby/moby#52326
- The
locallogging driver now has support for custom attributes, adding support for thelabel,label-regex,env,env-regex, andtaglog options. moby/moby#52348 - Windows: The daemon now supports listening on a Unix socket (
-H unix://...), with optional group-based access control via--group. moby/moby#52365
Security
- CVE-2026-32288: Fix a denial of service where pulling a maliciously crafted image could cause the daemon to allocate unbounded memory when processing sparse tar archives. GHSA-x4jj-h2v8-hqqv. moby/moby#52478
Bug fixes and enhancements
docker ps --formatnow supports a.HealthStatusplaceholder to print container health state (starting,healthy,unhealthy) as a dedicated field. docker/cli#6913- Add "time-namespaces" feature flag to disable time-namespaces. moby/moby#52577
- containerd integration: Fix auth token requests ignoring per-host TLS settings (custom CAs, insecure-registries). moby/moby#52600
- Daemon reload events now signify that the daemon reload has fully completed. moby/moby#52589
- Expose diagnostic data about userland proxy in
docker info. moby/moby#52321 - Fix
docker image ls --filter reference=...(GET /images/json) to also match fully qualified canonical image names (e.g.docker.io/library/alpine), not only the familiar short form. moby/moby#52333 - Fix a bug where leaving an autolock-enabled swarm could leave orphaned state, causing subsequent swarm init to fail with "Swarm is encrypted and needs to be unlocked". moby/moby#52479
- Fix an issue where logging errors appeared as empty strings in the daemon log instead of the message that failed to write. moby/moby#52442
- Fix incorrect SHARED SIZE and UNIQUE SIZE reporting in
docker system df -vby including shared content blobs in size calculation. moby/moby#52482 - Fix support for CDI specifications that request additional group IDs. moby/moby#52579
- Fix volume subpath file mounts over an existing file in the image failing container creation with "not a directory". moby/moby#52584
- Sort labels in
volume,network,config, andsecretformatters for deterministic output. docker/cli#6954 - Swarm: Prevent corruption of Raft snapshots when swarm state is large. moby/moby#52441
Packaging updates
- Update BuildKit to v0.30.0. moby/moby#52618
- Update Go runtime to 1.26.3. moby/moby#52572, docker/cli#6967
Networking
- Fix conntrack entries being incorrectly deleted for UDP containers sharing the same port on different IPs when one container is restarted. moby/moby#52423
- Fix stale VIP DNS records for swarm service network aliases not being removed during rolling updates. moby/moby#52236
- Fix the userland proxy silently dropping UDP datagrams when a previous write to an unavailable backend left a stale ECONNREFUSED error on the socket. moby/moby#52483
- Rootless: Properly support
--net=hostand localhost registries. moby/moby#47103
Rootless
- Update RootlessKit to v3.0.0. moby/moby#52319
Go SDK
- cli/config/configfile:
GetAuthConfig,GetCredentialsStore: normalize hostname when resolving auth. docker/cli#6846
Deprecations
- cli/command/image/build: remove deprecated
DefaultDockerfileNameconst. docker/cli#6737 - cli/command/image/build: remove deprecated
DetectArchiveReaderutil. docker/cli#6737 - cli/command/image/build: remove deprecated
IsArchiveutility. docker/cli#6737 - cli/command/image/build: remove deprecated
ResolveAndValidateContextPathutil. docker/cli#6737 - cli/command/image/build: remove deprecated
WriteTempDockerfileutil. docker/cli#6737 2026-05-06
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
- CVE-2026-31431: Replace the socketcall(2) seccomp deny that broke 32-bit programs with targeted AppArmor (deny network alg) and SELinux (alg_socket) rules that block AF_ALG at the LSM layer, covering both socket(2) and socketcall(2) paths without disrupting legitimate 32-bit workloads. moby/moby#52537
On SELinux-based systems, the SELinux mitigation requires the daemon to be configured withselinux-enabled: true(viadaemon.jsonor the--selinux-enabledCLI flag). This option is not enabled by default. - Fix the default AppArmor profile not being updated on daemon restart, requiring a system reboot to pick up profile changes from daemon upgrades. moby/moby#52537 2026-05-01
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release includes hardening for CVE-2026-31431.
- Block
AF_ALGsockets and thesocketcall(2)multiplexer in the default seccomp profile to prevent in-container privilege escalation via the kernel crypto API ("Copy Fail"). moby/moby#52501
Known issues
The hardening can break 32-bit programs and i386 images, including SteamCMD and some Wine-based workloads. moby/moby#52506
Workaround
Don't use
--security-opt seccomp=unconfinedto work around this issue.
Don't use theseccomp/v0.2.0profile.
If you need a workaround, use the seccomp/v0.2.1 profile from moby/profiles. Make sure you use a kernel that includes the fix for CVE-2026-31431.
This profile unblocks socketcall while keeping AF_ALG blocked for socket.
Use this workaround only for containers that require it.
Containers that use this profile can still exploit CVE-2026-31431 through thesocketcallsyscall.
Download the seccomp/v0.2.1 profile:
Use one of these options. You don't need both.
- To use the profile for a specific container when you control the
docker runcommand, use--security-opt: - To use the profile as the default for containers created by the daemon, add
seccomp-profileto yourdaemon.json: 2026-04-20
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- containerd image store: Fix
docker image prune --filter label!=key=valueincorrectly skipping images that don't have the specified label. moby/moby#52338 - Fix
--log-opt "tag={{.ImageID}}"not stripping the digest's algorithm. moby/moby#52343 - Fix intermittent container start failures (
EBUSYon secrets/configs remount) on busy Swarm nodes by retrying the read-only remount. moby/moby#52235
Packaging updates
- Update containerd (static binaries only) to v2.2.3. moby/moby#52360
- Update Go runtime to 1.26.2. docker/cli#6920, moby/moby#52329
Networking
- if a container has an IPv4-only or an IPv6-only endpoint with higher "gateway priority" than a dual stack endpoint, the single stack endpoint will now be used as the default gateway for its address family. moby/moby#52328 2026-04-07
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- docker cp: report both content size and transferred size. docker/cli#6800
- Fix
docker stats --allstill showing containers that were removed. docker/cli#6863 - Fix a rare bug that could cause containers to become unremovable. moby/moby#51724
- Fixed privileged containers losing their explicit AppArmor profile (
--security-opt apparmor=<profile>) after a container restart. moby/moby#52215 - Improved duplicate container-exit handling by using live containerd task state (not timestamps). moby/moby#52156
- Improved image pull and push performance by enabling HTTP keep-alive for registry connections, avoiding redundant TCP and TLS handshakes. moby/moby#52198
- shell completions: add shell completion for
docker rm --linkand exclude legacy links for container names. docker/cli#6872 - shell completions: don't provide completions that were already used. docker/cli#6871
- Update runc (in static binaries) to v1.3.5. moby/moby#52244
- Windows: Fix
DOCKER_TMPDIRnot being respected. moby/moby#52181
Packaging updates
- Update BuildKit to v0.29.0. moby/moby#52272
Networking
- Prevent a daemon crash during startup after upgrading if a container config containers a malformed IP-address. moby/moby#52275
Go SDK
- cli/streams: Out, In: preserve original os.File when available. docker/cli#6906
- Update minimum go version to go1.25. docker/cli#6897
Deprecations
- Go SDK: cli-plugins/hooks: deprecate
HookMessageand rename tocli-plugins/hooks.Response. docker/cli#6859 - Go SDK: cli-plugins/hooks: deprecate
HookTypeand rename tocli-plugins/hooks.ResponseType. docker/cli#6859 - Go SDK: cli-plugins/manager: deprecate
HookPluginDataand move tocli-plugins/hooks.Request. docker/cli#6859 2026-03-25
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release includes fixes for multiple security vulnerabilities affecting Docker Engine and related components.
- CVE-2026-34040 Fix an authorization bypass in AuthZ plugins that could allow authorization plugins to be bypassed under specific conditions.GHSA-x744-4wpc-v9h2
- CVE-2026-33997 Fix a flaw in
docker plugin installwhere privilege validation could be partially bypassed, potentially leading to unauthorized privilege escalation.GHSA-pxq6-2prw-chj9 - CVE-2026-33748 Fix insufficient validation of Git URL
#ref:subdirfragments in BuildKit, which could allow access to files outside the intended repository scope.GHSA-4vrq-3vrq-g6gg - CVE-2026-33747 Fix a vulnerability in BuildKit where an untrusted frontend could cause files to be written outside the BuildKit state directory.GHSA-3c29-8rgm-jvjj
Bug fixes and enhancements
- Fix a daemon crash during docker build if
.dockerignorecontained an invalid pattern. moby/moby#52214 - Fix a panic when the containerd client uses a closed stream. moby/moby#52211
Packaging updates
- Update containerd (static binaries) to v2.2.2. moby/moby#52213
- Update Go runtime to 1.25.8. moby/moby#52210, docker/cli#6883
Go SDK
- Add missing build-tag, which could cause
cannot range over 10 (untyped int constant)when importing thecli/commandpackage. docker/cli#6884 2026-03-05
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
New
- Add
bind-create-srcoption to--mountflag for bind mounts. docker/cli#6792 - CLI plugin hooks now fire on command failure (not just success), and plugins can use "error-hooks" to show hints only when commands fail. docker/cli#6794
- Lower minimum API version from v1.44 to v1.40 (Docker 19.03). moby/moby#52067
Packaging updates
- Update BuildKit to v0.28.0. moby/moby#52135
Networking
- Fix DNS config corruption on daemon reload. moby/moby#52060
API
POST /networks/{id}/connectnow correctly applies theMacAddressfield inEndpointSettings. This field was added in API v1.44, but was previously ignored. moby/moby#52040GET /images/jsonnow supports anidentityquery parameter. When set, the response includes manifest summaries and may include anIdentityfield for each manifest with trusted identity and origin information. moby/moby#52030
Bug fixes and enhancements
- The
--gpusoption now uses CDI-based injection for AMD GPUs. moby/moby#52048 - Add
sd_notify"RELOADING" notifications when signalling the daemon to reload its configuration. moby/moby#52041 - Send
sd_notify"READY" and "STOPPING" synchronously to make sure they are sent before we proceed. moby/moby#52041 - Add support for the systemd 253
Type=notify-reloadservice reload protocol. moby/moby#52041 - Don't log "failed to determine if container is already mounted" warnings for stopped containers during startup. moby/moby#52076
- Fix
docker system prunefailing with "rw layer snapshot not found" when a container is concurrently removed. moby/moby#52090 - Fix a panic when running
docker topon a non-running Windows container. moby/moby#52025 - Fix a regression in v29.2.0 that prevented registering the dockerd service on Windows if system requirements were not yet installed. moby/moby#52006
- Fix shared mount detection for paths mounted multiple times, which caused "not a shared mount" errors when using bind propagation. moby/moby#51787
- Fix spurious "ShouldRestart failed" warning on shutdown. moby/moby#52079
- Preserve leading and trailing whitespace when storing registry passwords. docker/cli#6784
- Prevent logging "not found" warnings when calculating volume sizes. moby/moby#52018
- Update Go runtime to 1.25.7. moby/moby#52003, docker/cli#6780 2026-02-02
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Update BuildKit to v0.27.1. moby/moby#51962
- Fix
docker system dffailing when run concurrently withdocker system prune. moby/moby#51979 - Fix daemon handling of duplicate container exit events to avoid repeated cleanup and state transitions. moby/moby#51925
- Fix panic after failed daemon initialization. moby/moby#51943
- Fix encrypted overlay networks not passing traffic to containers on v28 and older Engines. Encrypted overlay networks will no longer pass traffic to containers on v29.2.0 thru v29.0.0, v28.2.2, v25.0.14 or v25.0.13. moby/moby#51951
- Fix potential panic on
docker network prune. moby/moby#51966 2026-01-26
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
New
docker infonow includesNRIsection. docker/cli#6710- Add experimental NRI support. moby/moby#51711, moby/moby#51712, moby/moby#51675, moby/moby#51674, moby/moby#51636, moby/moby#51634
- New
Identityfield has been added to the inspect endpoint to show trusted origin information about the image. This includes build ref for locally built images, remote registry repository for pulled images, and verified signature information for images that contain a valid signed provenance attestation. moby/moby#51737
Bug fixes and enhancements
- Improve validation of
--detach-keyscommand-line options. docker/cli#6742 - Prevent a potential panic on daemon shutdown after an incomplete initialization. moby/moby#51797
- Remove restriction on anonymous read-only volumes. moby/moby#51682
- The
--validateflag on dockerd now also verifies system requirements, allowing for system requirements to be checked before starting the daemon. moby/moby#51868 - Handle
--gpusrequests for NVIDIA devices using CDI if possible. moby/moby#50228
Packaging updates
- Update BuildKit to v0.27.0. moby/moby#51886
- Update containerd (static binaries only) to v2.2.1. moby/moby#51765
Rootless
- Rootless: Consider
$XDG_CONFIG_HOME/cdiand$XDG_RUNTIME_DIR/cdiwhen looking for CDI devices. moby/moby#51624 - Update RootlessKit to v2.3.6. moby/moby#51757
API
- Natively support gRPC on the listening socket. moby/moby#50744
Go SDK
- cli/command: add WithAPIClientOptions option. docker/cli#6740
Deprecations
- Remove
%PROGRAMDATA%\Docker\cli-pluginsfrom the list of paths used for CLI plugins on Windows. This path was present for backward compatibility with old installation, but replaced by%ProgramFiles%\Docker\cli-plugins. docker/cli#6713 2026-01-16
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Packaging updates
- Update Go runtime to 1.25.6. moby/moby#51860, docker/cli#6750
Networking
- Fixed a regression where established network connections could be disrupted during a container's shutdown grace period. moby/moby#51843 2026-01-08
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix
docker run --network nonepanic on Windows. moby/moby#51830 - Fix image mounts failing with "file name too long" for long mount paths. moby/moby#51829
- Fix potential creation of orphaned overlay2 layers. moby/moby#51826, moby/moby#51824
Packaging updates
- Update BuildKit to v0.26.3. moby/moby#51821 2025-12-12
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Add shell completion for
docker stack deploy --compose-file. docker/cli#6690 - containerd image store: Fix a bug causing
docker buildto ignore the explicitly setunpackimage exporter option. moby/moby#51514 - Fix
docker image lsdangling image handling. docker/cli#6704 - Fix a bug that could cause the Engine to leave containers with autoremove set in 'dead' state on shutdown, and never reclaim them. moby/moby#51693
- Fix build on i386. moby/moby#51528
- Fix explicit graphdriver configuration (
"storage-driver") being treated as containerd snapshotter when prior graphdriver state exists. moby/moby#51516 - Fix potential creation of orphaned overlay2 layers. moby/moby#51703
Networking
- Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet. moby/moby#51583
- Don't crash when starting a container created via the API before upgrade to v29.1.2, with
PublishAlland a nilPortBindingsmap. moby/moby#51691 - Fix a bug preventing DNS resolution of containers attached to non swarm-scoped networks once the node has joined a Swarm cluster. moby/moby#51515
- Fix an issue that caused daemon crash when using a remote network driver plugin. moby/moby#51558
- Fix an issue that could lead to an "endpoint not found" error when creating a container with multiple network connections, when one of the networks is non-internal but does not have its own external IP connectivity. moby/moby#51538
- Fix an issue that prevented rootless Docker from starting on a host with IPv6 disabled. moby/moby#51543
- Return an error when a container is created with a port-mapping pointing to container port 0. moby/moby#51695 2025-12-02
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
- Update Go runtime to 1.25.5. moby/moby#51648, docker/cli#6688
- Fixes a potential DoS via excessive resource usage when formatting hostname validation errors CVE-2025-61729
- Fixes incorrect enforcement of excluded subdomain constraints for wildcard SANs, which could allow improperly trusted certificates CVE-2025-61727
Bug fixes and enhancements
- containerd image store: Fix
docker image inspectfailing to return available image data in case where not all distributable blobs are available locally. moby/moby#51629 - dockerd-rootless-setuptool.sh: fix
nsenter: no namespace specified. moby/moby#51622 - Fix
docker system dfshowingN/Afor shared size and unique size when using graph-drivers as storage. moby/moby#51631
Packaging updates
- Update runc (in static binaries) to v1.3.4. moby/moby#51633
Networking
- Fix a bug preventing port mappings in rootless mode when slirp4netns is used. moby/moby#51616
- Prevent a crash when making an API request with
HostConfig.PublishAllPortsset (-P), and no port bindings. moby/moby#51621 2025-11-28
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Networking
- Revert a PR breaking external DNS resolution on all custom bridge networks. moby/moby#51615 2025-11-27
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Packaging updates
- Update BuildKit to v0.26.1. moby/moby#51551
- Update containerd binary to v2.2.0 (static binaries). moby/moby#51271
Networking
- Do not overwrite user-modified
/etc/resolv.confacross container restarts. moby/moby#51507 - fix
--publish-all/-Pfor Windows containers. moby/moby#51586 - Fix an issue that prevented container restart or network reconnection when gateway configuration failed during container stop or network disconnect. moby/moby#51592
- Windows containers: don't display an IPv6-mapped IPv4 address in port mappings. For example,
[::ffff:0.0.0.0]:8080->80/tcpinstead of0.0.0.0:8080->80/tcp. moby/moby#51587 2025-11-24
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
docker image lsno longer truncates the image names. docker/cli#6675
Networking
- Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet. moby/moby#51583 2025-11-24
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
docker version --format json: restore top-levelBuildTimefield to use RFC3339Nano format. docker/cli#6668- Fix
docker image lsignoring a customimageFormatfromdocker.json. docker/cli#6667
Networking
- Fix an issue that caused daemon crash when using a remote network driver plugin. moby/moby#51558 2025-11-17
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Networking
- Fix an issue that could lead to an "endpoint not found" error when creating a container with multiple network connections, when one of the networks is non-internal but does not have its own external IP connectivity. moby/moby#51538
- Fix an issue that prevented rootless Docker from starting on a host with IPv6 disabled. moby/moby#51543 2025-11-14
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
docker image lsno longer truncates the name width when output is redirect (e.g. forgrep). docker/cli#6656docker image lsnow considers theNO_COLORenvironment variable for choosing the colored output. docker/cli#6654- containerd image store: Fix a bug causing
docker buildto ignore the explicitly setunpackimage exporter option. moby/moby#51514 - Fix a bug causing
docker image ls --allto not show untagged/dangling images. docker/cli#6657 - Fix build on i386. moby/moby#51528
- Fix explicit graphdriver configuration (
"storage-driver") being treated as containerd snapshotter when prior graphdriver state exists. moby/moby#51516 - Fix output format of the
ApiVersionandMinApiVersionfields indocker version --format=jsonto align with previous versions. docker/cli#6648
Networking
- Fix a bug preventing DNS resolution of containers attached to non swarm-scoped networks once the node has joined a Swarm cluster. moby/moby#51515 2025-11-10
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release includes several breaking changes and deprecations. Review the release notes carefully before upgrading.
- Experimental support for nftables can now be enabled by setting Docker daemon's
firewall-backendoption tonftables. For more information, see Docker Engine docs. - containerd image store is now the default for fresh installs. This doesn't apply to daemons configured with
userns-remap(see moby#47377).
Breaking Changes
- The Go module
github.com/docker/dockeris deprecated in favor ofgithub.com/moby/moby/clientandgithub.com/moby/moby/api. Thegithub.com/moby/mobymodule is considered an internal implementation detail - the only supported public modules areclientandapi. Starting with v29, releases are tagged with thedocker-prefix (e.g.,docker-v29.0.0). This only affects Go module users and package maintainers. - The daemon now requires API version
v1.44or later (Docker v25.0+). - Debian armhf (32-bit) packages now target ARMv7 CPUs and will not work on ARMv6 devices.
- Official Raspbian (32-bit) packages are no longer provided. Use Debian arm64 packages for 64-bit devices, or Debian armhf packages for 32-bit ARMv7 devices.
- cgroup v1 is deprecated. Support continues until at least May 2029, but migrate to cgroup v2 as soon as possible. See moby#51111.
- Docker Content Trust was removed from the Docker CLI. Can be built as a separate plugin: https://github.com/docker/cli/blob/v29.0.0/cmd/docker-trust/main.go
New
docker image loadanddocker image savenow supports multiple platform selection via--platformflag (e.g.,docker image load --platform linux/amd64,linux/arm64 -i image.tar). docker/cli#6126docker image lsnow uses the new view (like--treebut collapsed) by default. docker/cli#6566docker run --runtime <...>is now supported on Windows. moby/moby#50546GET /containers/jsonnow includes aHealthfield describing container healthcheck status. moby/moby#50281- Add
deviceentitlement to builder configuration. moby/moby#50386 - Add support for
memory-swapandmemory-swappinessflags todocker service createanddocker service updatecommands. docker/cli#6619 - Allow Docker CLI to set the
GODEBUGenvironment variable when the key-value pair ("GODEBUG":"...") exists inside the Docker context metadata. docker/cli#6371
Bug fixes and enhancements
docker image ls --treenow sorts images alphabetically by name instead of by creation date. docker/cli#6595docker image lsno longer shows untagged images by default if no--allflag is provided. docker/cli#6574docker save: Fixed inconsistent tar member timestamps when exporting images with the overlay2 storage driver. moby/moby#51365- Add a new log option for fluentd log driver (
fluentd-read-timeout), which enables specifying read timeouts for reading acks from fluentd connections. moby/moby#50249 - Add image name completion for
docker images. docker/cli#6452 - Add shell completion for
docker inspectif a--typeis set. docker/cli#6444 - Add shell completion for
docker pluginsubcommands. docker/cli#6445 - api/types/container: make ContainerState, HealthStatus concrete types. moby/moby#51439
- containerd image store is temporarily not available when userns remapping is enabled as a workaround for moby#47377. moby/moby#51042
- contrib: remove contrib/httpserver, which was only used for integration tests. moby/moby#50654
- daemon: improve validation of the
--dnsoption and corresponding"dns"field indaemon.json. moby/moby#50600 - dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51149
- Fix
--mount type=imagefailure when mounting the same image multiple times to a different destinations. moby/moby#50268 - Fix
docker stats <container>not exiting gracefully. docker/cli#6582 - Fix a bug preventing the API server from shutting down quickly when there's an open connection to the
/eventsendpoint. moby/moby#51448 - Fix a bug where collecting container stats in "one-shot" mode would not include the container's ID and Name. moby/moby#51302
- Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50202
- Fix issue where custom meta-headers were not passed through when using the containerd image store. moby/moby#51024
- Fix requests not being logged when running the daemon with
--log-level=trace. moby/moby#50986 - Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50443
- Improve errors when failing to connect to the API to provide more context to the user. moby/moby#50285
- Improve shell completion for
docker secretanddocker configsubcommands. docker/cli#6446 - Prefer explicit device driver name over GPU capabilities when selecting the device driver with
docker run --gpus. moby/moby#50717 - Update runc to v1.3.3. moby/moby#51393
- Update SwarmKit internal TLS configuration to exclude known insecure cipher suites. moby/moby#51139
- Windows: Fix BuildKit creating containers which isolation mode is inconsistent with the daemon's config. moby/moby#50942
Packaging updates
- client: remove legacy CBC cipher suites from client config. moby/moby#50126
- contrib: remove
editorconfigas it was unmaintained. moby/moby#50607 - contrib: remove Dockerfile syntax highlighting files for
nanoand TextMate (tmbundle) as they were unmaintained and outdated. moby/moby#50606 - contrib: remove mkimage-xxx scripts as they were unmaintained and not tested. moby/moby#50297
- If Docker is downgraded to a version that does not have this support the network will become unusable, it must be deleted and re-created. moby/moby#50114
- The Windows overlay network driver now supports option
--dns. moby/moby#51229 - Update BuildKit to v0.25.2. moby/moby#51397
- Update containerd to v2.1.5. moby/moby#51409
containerd v2.1.5 now uses systemd's defaultLimitNOFILEfor containers, changing the open file descriptor limit (ulimit -n) from1048576to1024. This extends a change introduced in Docker Engine v25.0 for build containers to all containers.
This prevents programs that adjust behavior based on ulimits from consuming excessive memory when the limit is set toinfinity. Containers now behave the same way as programs running on the host.
If your workload needs a higher limit, use--ulimitwithdocker run, or set defaults in/etc/docker/daemon.json:
For more information, see moby#51485. - Update Go runtime to 1.25.4. moby/moby#51418, docker/cli#6632
- Users can request a specific prefix size for networks allocated from the default pools by using the unspecified address, for example
--subnet 0.0.0.0/24 --subnet ::/96. moby/moby#50114
Networking
- Add daemon option
--bridge-accept-fwmark. Packets with this firewall mark will accepted by bridge networks, overriding Docker's iptables or nftables "drop" rules. moby/moby#50476 - api/types/system: deprecated top level
DiskUsagefields for type specific fields. moby/moby#51235 - Ensure bridge devices are removed when bridge network creation fails. moby/moby#51147
- Ensure that Windows NAT networks are recreated with their original labels when the Engine restarts. moby/moby#50447
- Environment variables set on a container using legacy links are deprecated and aren't added automatically anymore. moby/moby#50719
- The daemon can be started with
DOCKER_KEEP_DEPRECATED_LEGACY_LINKS_ENV_VARS=1to get them back - Users are encouraged to stop relying on these as they're deprecated, and the escape hatch will be removed in a later version
- The daemon can be started with
- Fix a bug in NetworkDB which would sometimes cause entries to get stuck deleted on some of the nodes, leading to connectivity issues between containers on overlay networks. moby/moby#50342
- Fix a bug that could cause the Engine and another host process to bind the same UDP port. moby/moby#50669
- Fix a deadlock that could happen if a firewalld reload was processed while the bridge networking driver was starting up, or creating or deleting a network, or creating port-mappings. moby/moby#50620
- Fix an issue preventing container startup or selection of its network gateway when IPv6 is only disabled on a specific interface. moby/moby#48971
- For Linux,
docker infonow reports the firewall backend if available. docker/cli#6191 - Greatly improve the reliability of overlay networking and the Swarm routing mesh. moby/moby#50393
- Improve the convergence rate of NetworkDB, part of the management plane for overlay networking, after bursts of updates. moby/moby#50193
- Improve the reliability of the overlay network driver. moby/moby#50260
- Improved error handling for connection of a container to a network. moby/moby#50945
- macvlan and IPvlan-l2 networks: no default gateway will be configured unless a
--gatewayis explicitly included in IPAM configuration. This addresses an issue which could cause container startup to fail in networks with IPv6 auto-configuration enabled. moby/moby#50929 - nftables: Docker will not enable IP forwarding on the host. If forwarding is needed by a bridge network, but not enabled, daemon startup or network creation will fail with an error. You must either enable forwarding and ensure firewall rules are in place to prevent unwanted forwarding between non-Docker interfaces. Or, use daemon option
--ip-forward=falseto disable the check, but some bridge network functionality including port forwarding may not work. See Engine Docs for more information about migration from iptables to nftables. moby/moby#50646 - On daemon startup, restart containers that share their network stacks before containers that need those stacks. moby/moby#50327
- Published ports are now always accessible in networks with gateway mode "routed". Previously, rules to open those ports were only added when the routed mode network was selected as the container's default gateway. moby/moby#50140
- Since 28.0.0, an
iptablesmangle rule for checksumming SCTP was only added if environment variableDOCKER_IPTABLES_SCTP_CHECKSUM=1was set. The rule has now been removed, the environment variable now has no effect. moby/moby#50539 - The iptables rules for bridge networks have been updated, including removal of the
DOCKER-ISOLATION-STAGE-1andDOCKER-ISOLATION-STAGE-2chains. With these changes:. moby/moby#49981- Containers can now access ports published to host addresses by containers in other networks when the userland-proxy is not running
- Containers can now access ports on container addresses in other networks that have gateway mode "nat-unprotected"
- When dynamically linked, the Docker daemon now depends on libnftables. moby/moby#51033
- Windows:
network inspect: the HNS network name is now reported in optioncom.docker.network.windowsshim.networknamerather than the Docker network name, which was only reported after a daemon restart. moby/moby#50961 - Windows: when restoring networks on daemon restart, preserve their association with non-default IPAM drivers. moby/moby#50649
API
eventsAPI now reports content-type asapplication/x-ndjsonfor newline-delimited JSON event stream. moby/moby#50953GET /images/{name}/getandPOST /images/loadnow accept multipleplatformquery parameters, allowing export and load of images for multiple platforms. moby/moby#50166GET /images/{name}/jsonnow omits the following fields if their value is empty:Parent,Comment,DockerVersion,Author. moby/moby#51072GET /images/{name}/json: omit emptyConfigfields when not set. moby/moby#50915POST /images/{name:}/push: remove compatibility with API v1.4 auth-config in body. moby/moby#50371- Add support for memory swappiness in Swarm services. moby/moby#51114
GET /servicesnow returnsSwapBytesandMemorySwappinessfields as part of theResourcerequirementsGET /services/{id}now returnsSwapBytesandMemorySwappinessfields as part of theResourcerequirementsPOST /services/createnow acceptsSwapBytesandMemorySwappinessfields as part of theResourcerequirementsPOST /services/{id}/updatenow acceptsSwapBytesandMemorySwappinessfields as part of theResourcerequirementsGET /tasksnow returnsSwapBytesandMemorySwappinessfields as part of theResourcerequirementsGET /tasks/{id}now returnsSwapBytesandMemorySwappinessfields as part of theResourcerequirements
- api/types/build: move
CachePruneOptionstype toclient.BuildCachePruneOptions. moby/moby#50772 - api/types/checkpoint: move checkpoint options to client module. moby/moby#50905
- api/types/container:
OnBuildwill now be omitted if its value is empty or zero. moby/moby#51154 - api/types/container: make the container config
MacAddressobsolete for v1.52 and onwards. Use network endpoint settings instead. moby/moby#51189 - api/types/container: move
ResizeOptionstype toContainerResizeOptionsin the client. moby/moby#50773 - api/types/events: move
ListOptionstype to the clientEventsListOptions. moby/moby#50774 - api/types/image: move image options out to the client. moby/moby#50776
- api/types/network: move
CreateOptions,ConnectOptionsandDisconnectOptionsto the client module. moby/moby#50817 - api/types/network: move the
ListOptionsandInspectOptionstypes to the client. moby/moby#50786 - api/types/plugin: change
ListResponseto a non-pointer slice. moby/moby#51440 - api/types/plugin: remove deprecated
Config.DockerVersion. moby/moby#51458 - api/types/registry: move
SearchOptionstoImageSearchOptionsin the client. moby/moby#50787 - api/types/registry: moved
ServiceConfiglegacy field marshaling support into daemon backend. moby/moby#50826 - api/types/registry: moved encode/decode auth config functions into reference utility package. moby/moby#50785
- api/types/storage: add
Storagetype and integrate in container inspect. moby/moby#50857 - api/types/swarm: deprecated and dropped support for
PortConfigProtocol; usenetwork.IPProtocolinstead. moby/moby#51094 - api/types/swarm: move option types to the client module. moby/moby#50794
- api/types/swarm: move the
SecretListOptionstype to the client module. moby/moby#50816 - api/types/system: move
DiskUsageOptionsto the client. moby/moby#50788 - api/types/system: move
SecurityOptandDecodeSecurityOptionsto client module. moby/moby#50825 - api/types/volume: change ListResponse.Volumes to a non-pointer slice. moby/moby#51454
- api/types/volume: move the
ListOptionstype to the client module. moby/moby#50789 - api/types/volume: moved
UpdateOptionsinto client module. moby/moby#51205 - api/types: daemon: move the disk usage structs to the backend server. moby/moby#50764
- api: make
GraphDriverfield inimage.InspectResponseoptional. This field will continue to be emitted when using the legacy graph drivers and will be omitted when using the containerd image backend. moby/moby#50893 - api: redefine container network port types. moby/moby#50710
- client: PluginListResult: change Items field to a non-pointer slice. moby/moby#51440
- Inspecting networks with API v1.52 and newer provides statistics about IPAM allocations for the subnets assigned to the network. moby/moby#50917
- MAC address fields are represented as byte slices compatible with the standard library net.HardwareAddr type instead of strings. moby/moby#51355
- Swagger definitions for
NetworkSummaryandNetworkInspecthave been added to the Swagger spec describing the Engine API. moby/moby#50855 - Update API version to 1.52. moby/moby#50418
Go SDK
api/pkg/progressandapi/pkg/streamformatterhave been removed. moby/moby#51153api/types/registry:EncodeAuthConfig: use empty string for zero value. moby/moby#50426api/types/versionshas moved to the client and daemon. moby/moby#51284client.ConfigCreate,client.ConfigList,client.ConfigInspectWithRaw,client.ConfigUpdate, andclient.ConfigRemovemethods now accept option structs instead of positional arguments, and return dedicated result structs. moby/moby#51078client.ImageBuild,client.BuildCancel,client.ImageList,client.ImageRemove,client.ImageTag, andclient.ImageSearchmethods now accept option structs instead of positional arguments, and return dedicated result structs. moby/moby#51227client:ContainerExec...methods were renamed toExec.... moby/moby#51262client: Wrap return values ofImageInspect,ImageHistory,ImageLoadandImageSavein a struct. moby/moby#51236ImagePullnow returns an object withJSONMessagesmethod returning iterator over the message objects. moby/moby#50935ImagePushnow returns an object withJSONMessagesmethod returning iterator over the message objects. moby/moby#51148- api/types/container: move
StatsResponseReadertoclientpackage. moby/moby#50521 - api/types/container: move container options to client. moby/moby#50897
- api/types/container: rename
PorttoPortSummary. moby/moby#50711 - api/types/container: StatsResponse: add
OSTypefield. moby/moby#51305 - api/types: move
ErrorResponsetocommon/ErrorResponse. moby/moby#50632 - api: remove unused
DefaultVersion,MinSupportedAPIVersionconsts. moby/moby#50587 - cli/command: add
WithUserAgentoption. docker/cli#4574 - client:
ContainerCommitOptions: removePausefield in favor ofNoPause. moby/moby#51019 - client: add
DefaultAPIVersionconst, which defines the default (and maximum) API version supported by the client. moby/moby#50433 - client: add
ExecAPIClientinterface for exec methods provided by the client. moby/moby#50997 - client: Client.PluginList: add options-struct. moby/moby#51207
- client: ContainersPrune: rewrite to use option structs and result. moby/moby#51200
- client: ImagesPrune: rewrite to use option structs and result. moby/moby#51200
- client: NetworksPrune: rewrite to use option structs and result. moby/moby#51200
- client: remove
client.ContainerStatsResult.OSTypefield. moby/moby#51305 - client: VolumesPrune: rewrite to use option structs and result. moby/moby#51200
- daemon/config: add
DefaultAPIVersionconst, which defines the default (and maximum) API version supported by the daemon. moby/moby#50436 - Fix data race in
ContainerExecStart,ContainerList, andEvents. moby/moby#50448 - IP addresses and subnets are now of type
netip.Addrandnetip.Prefix, respectively. moby/moby#50956 - Remove structs
NetworkSettingsBaseandDefaultNetworkSettings. Fields inNetworkSettingsBasethat were not deprecated are now directly inNetworkSettings. moby/moby#50846 - the client now uses its own
client.Filterstype for filtering API requests, with a more ergonomic interface. Users of thegithub.com/docker/docker/api/types/filterspackage will need to refactor when they upgrade to the v29 client. moby/moby#51115 - Types
"github.com/moby/moby/api/types/network".Summaryand"github.com/moby/moby/api/types/network".Inspectare no longer aliases, and most of their fields have been moved into an embedded struct. Engine API clients may require some source-level changes when migrating to the new github.com/moby/moby/api module. moby/moby#50878 - Update minimum Go version to 1.24. docker/cli#6624
Deprecations
client/pkg/jsonmessage: remove deprecatedProgressMessage,ErrorMessage,DisplayJSONMessagesToStreamandStreaminterface. moby/moby#49264GET /eventsno longer includes the deprecatedstatus,id, andfromfields. These fields were removed in API v1.22, but still included in the response. These fields are now omitted when using API v1.52 or later. moby/moby#50832- api/types/network: CreateRequest: remove deprecated CheckDuplicate field. moby/moby#50998
- api/types/plugin: deprecate
Config.DockerVersionfield. moby/moby#51109 - api/types/registry: remove deprecated AuthConfig.Email field. moby/moby#51059
- api/types/strslice: deprecate StrSlice in favor of using a regular
[]string. moby/moby#50292 - api/types/system: remove deprecated
DiskUsage.BuilderSize. moby/moby#51180 - api/types: move plugin types to api/types/plugin. moby/moby#48114
- API: Deprecation: the Engine was automatically backfilling empty
PortBindingslists with a PortBinding with an empty HostIP and HostPort when starting a container. This behavior is deprecated for API 1.52, and will be dropped in API 1.53. moby/moby#50874 - build: remove DCT support for classic builder. docker/cli#6195
- cli/command: Remove deprecated
ResolveDefaultContext. docker/cli#6555 - client: ImageBuildResponse: remove OSType field. moby/moby#50995
- client: Remove
ImageCreatemethod - useImagePullorImageImportinstead. moby/moby#51366 - client: remove deprecated
ImageListOptions.ContainerCount. moby/moby#51006 - client: remove support for negotiating API version < v1.44 (docker 25.0). moby/moby#51119
- client: remove unused
Client.HTTPClient()method. moby/moby#51011 - daemon/graphdriver: remove deprecated
GetDriver(). moby/moby#50377 - daemon: raise minimum API version to v1.44. moby/moby#51186
- Deprecate the
--pauseflag ondocker commitin favor of--no-pause. docker/cli#6460 - Deprecate cgroup v1. moby/moby#51360, docker/cli#6598
- Go SDK:
cli-plugins/manager: deprecate metadata aliases in favor of their equivalent incli-plugins/manager/metadata. docker/cli#6237 - Go SDK:
cli-plugins/manager: removeCandidateinterface, which was only for internal use. docker/cli#6237 - Go SDK:
cli-plugins/manager: removeNewPluginErrorfunction, which was only for internal use. docker/cli#6237 - Go SDK:
cli-plugins/manager: remove deprecatedResourceAttributesEnvvarconst. docker/cli#6237 - Go SDK:
cli/command: remove theErrPromptTerminated,DisableInputEcho,PromptForInput, andPromptForConfirmationutilities. These utilities were for internal use and are no longer used. docker/cli#6243 - Go SDK:
cli/registry/client: remove deprecatedRepoNameForReference. docker/cli#6206 - Go SDK: api/types/build: remove deprecated BuildCache.Parent field. moby/moby#51185
- Go SDK: api/types/container: remove deprecated
ContainerTopOKBodyalias. moby/moby#50400 - Go SDK: api/types/container: remove deprecated
ContainerUpdateOKBodyalias. moby/moby#50400 - Go SDK: api/types/container: remove deprecated
Statstype. moby/moby#50492 - Go SDK: api/types/filters: remove deprecated
ToParamWithVersion. moby/moby#50561 - Go SDK: api/types/image:
InspectResponse: remove deprecatedVirtualSize,Container,ContainerConfig,Parent, andDockerVersionfields. moby/moby#51103 - Go SDK: api/types/image: remove deprecated Summary.VirtualSize field. moby/moby#51190
- Go SDK: api/types/registry: remove deprecated
ServiceConfig.AllowNondistributableArtifactsCIDRsandServiceConfig.AllowNondistributableArtifactsHostnamesfields. moby/moby#50375 - Go SDK: api/types/swarm: remove deprecated ServiceSpec.Networks field. moby/moby#51184
- GO SDK: api/types/system: remove deprecated
Commit.Expectedfield. moby/moby#51127 - Go SDK: api/types: remove deprecated aliases. moby/moby#50452
- Go SDK: api: deprecate
NoBaseImageSpecifierconst. This const is no longer used and will be removed in the next release. moby/moby#50437 - Go SDK: api: remove
NoBaseImageSpecifier. moby/moby#50574 - Go SDK: cli/command/builder: remove
CachePrune(), which was no longer used. docker/cli#6236 - Go SDK: cli/command/builder: remove
NewBuilderCommandandNewBakeStubCommand. docker/cli#6335 - Go SDK: cli/command/checkpoint: remove
NewCheckpointCommand. docker/cli#6335 - Go SDK: cli/command/checkpoint: remove deprecated
NewFormat,FormatWrite. docker/cli#6339 - Go SDK: cli/command/completion: remove deprecated
NoComplete. docker/cli#6408 - Go SDK: cli/command/config: remove
NewConfigCommand. docker/cli#6335 - Go SDK: cli/command/config: remove deprecated
NewFormat,FormatWrite,InspectFormatWrite. docker/cli#6339 - Go SDK: cli/command/config: remove deprecated
RunConfigCreate,CreateOptions,RunConfigInspect,InspectOptions,RunConfigList,ListOptions,RunConfigRemove, andRemoveOptions. docker/cli#6370 - Go SDK: cli/command/container: deprecate
NewDiffFormat,DiffFormatWrite. These functions were only used internally and will be removed in the next release. docker/cli#6187 - Go SDK: cli/command/container: remove
NewBuildCommand,NewPullCommand,NewPushCommand,NewImagesCommand,NewImageCommand,NewHistoryCommand,NewImportCommand,NewLoadCommand,NewRemoveCommand,NewSaveCommand,NewTagCommand,NewPruneCommand. docker/cli#6335 - Go SDK: cli/command/container: remove
NewRunCommand,NewExecCommand,NewPsCommand,NewContainerCommand,NewAttachCommand,NewCommitCommand,NewCopyCommand,NewCreateCommand,NewDiffCommand,NewExportCommand,NewKillCommand,NewLogsCommand,NewPauseCommand,NewPortCommand,NewRenameCommand,NewRestartCommand,NewRmCommand,NewStartCommand,NewStatsCommand,NewStopCommand,NewTopCommand,NewUnpauseCommand,NewUpdateCommand,NewWaitCommand,NewPruneCommand. docker/cli#6335 - Go SDK: cli/command/container: remove
RunPrune(), which was no longer used. docker/cli#6236 - Go SDK: cli/command/container: remove deprecated
NewDiffFormat,DiffFormatWrite. docker/cli#6339 - Go SDK: cli/command/context: remove
NewContextCommand. docker/cli#6335 - Go SDK: cli/command/context: remove deprecated
RunCreateandCreateOptions. docker/cli#6407 - Go SDK: cli/command/context: remove deprecated
RunExportandExportOptions. docker/cli#6407 - Go SDK: cli/command/context: remove deprecated
RunImport. docker/cli#6407 - Go SDK: cli/command/context: remove deprecated
RunRemoveandRemoveOptions. docker/cli#6407 - Go SDK: cli/command/context: remove deprecated
RunUpdateandUpdateOptions. docker/cli#6407 - Go SDK: cli/command/context: remove deprecated
RunUse. docker/cli#6407 - Go SDK: cli/command/formatter/swarm: remove deprecated
GetStacksfunction. docker/cli#6406 - Go SDK: cli/command/image/build: deprecate
DefaultDockerfileName,DetectArchiveReader,WriteTempDockerfile,ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6561 - Go SDK: cli/command/image: remove
RunPrune(), which was no longer used. docker/cli#6236 - Go SDK: cli/command/image: remove deprecated
AuthResolverutility. docker/cli#6373 - Go SDK: cli/command/image: remove deprecated
NewHistoryFormat,HistoryWrite. docker/cli#6339, docker/cli#6339 - Go SDK: cli/command/manifest: remove
NewManifestCommand. docker/cli#6335 - Go SDK: cli/command/network: remove
NewNetworkCommand. docker/cli#6335 - Go SDK: cli/command/network: remove
RunPrune(), which was no longer used. docker/cli#6236 - Go SDK: cli/command/network: remove deprecated
NewFormat,FormatWrite. docker/cli#6339 - Go SDK: cli/command/node: remove
NewNodeCommand. docker/cli#6335 - Go SDK: cli/command/node: remove deprecated
NewFormat,FormatWrite,InspectFormatWrite. docker/cli#6339 - Go SDK: cli/command/plugin: remove
NewPluginCommand. docker/cli#6335 - Go SDK: cli/command/plugin: remove deprecated
NewFormat,FormatWrite. docker/cli#6339 - Go SDK: cli/command/registry: remove
NewLoginCommand,NewLogoutCommand,NewSearchCommand. docker/cli#6335 - Go SDK: cli/command/registry: remove deprecated
NewSearchFormat,SearchWrite. docker/cli#6339 - Go SDK: cli/command/registry: remove deprecated
OauthLoginEscapeHatchEnvVarconst. docker/cli#6463 - Go SDK: cli/command/secret: remove
NewSecretCommand. docker/cli#6335 - Go SDK: cli/command/secret: remove deprecated
NewFormat,FormatWrite,InspectFormatWrite. docker/cli#6339 - Go SDK: cli/command/service: remove
NewServiceCommand. docker/cli#6335 - Go SDK: cli/command/service: remove deprecated
NewFormat,InspectFormatWrite. docker/cli#6339 - Go SDK: cli/command/stack/swarm: remove deprecated RunPS and options.PS. docker/cli#6398
- Go SDK: cli/command/stack: remove
NewStackCommand. docker/cli#6335 - Go SDK: cli/command/stack: remove deprecated RunList and options.List. docker/cli#6398
- Go SDK: cli/command/stack: remove deprecated RunServices and swarm.GetServices. docker/cli#6398
- Go SDK: cli/command/swarm: remove
NewSwarmCommand. docker/cli#6335 - Go SDK: cli/command/system: remove
NewVersionCommand,NewInfoCommand,NewSystemCommand,NewEventsCommand,NewInspectCommand. docker/cli#6335 - Go SDK: cli/command/task: remove deprecated
NewTaskFormat,FormatWrite. docker/cli#6339 - Go SDK: cli/command/trust: remove
NewTrustCommand. docker/cli#6335 - Go SDK: cli/command/trust: remove deprecated
NewPruneCommand. docker/cli#6344 - Go SDK: cli/command/trust: remove deprecated
SignedTagInfo,SignerInfo,NewTrustTagFormat,NewSignerInfoFormat,TagWrite,SignerInfoWrite. docker/cli#6339 - Go SDK: cli/command/volume: remove
NewVolumeCommand,NewPruneCommand. docker/cli#6335 - Go SDK: cli/command/volume: remove
RunPrune(), which was no longer used. docker/cli#6236 - Go SDK: cli/command: remove
AddTrustSigningFlags,AddTrustVerificationFlags, andAddPlatformFlagutilities, which were only used internally. docker/cli#6244 - Go SDK: cli/command: remove deprecated
DockerCli.Apply. docker/cli#6503 - Go SDK: cli/command: remove deprecated
DockerCli.ContentTrustEnabled. docker/cli#6502 - Go SDK: cli/command: remove deprecated
DockerCli.DefaultVersion. docker/cli#6502 - Go SDK: cli/command: remove deprecated
RegistryAuthenticationPrivilegedFunc. docker/cli#6349 - Go SDK: cli/command: remove deprecated
WithContentTrustFromEnv,WithContentTrustoptions. docker/cli#6502 - Go SDK: cli/config/configfile: remove deprecated
ConfigFile.Experimentalfield. docker/cli#6464 - Go SDK: cli/config/types: remove deprecated
AuthConfig.Emailfield. docker/cli#6515 - Go SDK: cli/manifest/store: remove deprecated
IsNotFound. docker/cli#6523 - Go SDK: cli: remove deprecated
VisitAll,DisableFlagsInUseLineutilities. docker/cli#6296 - Go SDK: client: remove
APIClient.ImageInspectWithRawfrom theAPIClientinterface. moby/moby#50485 - Go SDK: client: remove
ImageAPIClient.ImageInspectWithRawfrom theImageAPIClientinterface. moby/moby#50485 - Go SDK: client: remove
ImageAPIClientDeprecated.ImageInspectWithRawfrom theImageAPIClientDeprecated. moby/moby#50485 - Go SDK: client: remove deprecated
ErrorConnectionFailedandIsErrNotFoundfunctions. moby/moby#50485 - Go SDK: client: remove deprecated
NewClientandNewEnvClientfunctions. moby/moby#50485 - Go SDK: client: remove the
CommonAPIClientinterface. moby/moby#50485 - Go SDK: client: remove the
ImageAPIClientDeprecatedinterface. moby/moby#50485 - Go SDK: client: remove the deprecated
Client.ImageInspectWithRawmethod. moby/moby#50485 - Go SDK: container: remove deprecated
IsValidHealthString. moby/moby#50378 - Go SDK: container: remove deprecated
IsValidStateString. moby/moby#50378 - Go SDK: container: remove deprecated
StateStatus,WaitCondition, and the relatedWaitConditionNotRunning,WaitConditionNextExit, andWaitConditionRemovedconsts. moby/moby#50378 - Go SDK: deprecate
pkg/stdcopy, which was moved toapi/pkg/stdcopy. moby/moby#50462 - Go SDK: Deprecate field
NetworkSettingsBase.Bridge, structNetworkSettingsBase, all the fields ofDefaultNetworkSettings, and structDefaultNetworkSettings. moby/moby#50848 - Go SDK: deprecate pkg/stringid in favour of
github.com/moby/moby/client/pkg/stringid. moby/moby#50504 - Go SDK: deprecate profiles package which got migrated to
github.com/moby/profiles. moby/moby#50481 - Go SDK: oci: deprecate SetCapabilities, and some minor cleanups/fixes. moby/moby#50461
- Go SDK: opts: remove deprecated
ListOpts.GetAll. It's no longer used and replaced byListOpts.GetSlice. docker/cli#6293 - Go SDK: opts: remove deprecated
NewNamedListOptsRef,NewNamedMapOpts,NamedListOpts,NamedMapOpts, andNamedOption. These types and functions are no longer used and will be removed in the next release. docker/cli#6293 - Go SDK: opts: remove deprecated
ParseEnvFilein favour ofkvfile.Parse. docker/cli#6382 - Go SDK: opts: remove deprecated
QuotedString. docker/cli#6293 - Go SDK: opts: remove deprecated
ValidateHost. docker/cli#6293 - Go SDK: pkg/system was removed, and is now an internal package. moby/moby#50559
- Go SDK: pkg/system: deprecate
EscapeArgs()andIsAbs. These functions were only used internally and will be removed in the next release. moby/moby#50399 - Go SDK: registry: remove deprecated
APIEndpoint.TrimHostName,APIEndpoint.Official, andAPIEndpoint.AllowNondistributableArtifactsfields. moby/moby#50376 - Go SDK: registry: remove deprecated
HostCertsDir()andSetCertsDir()functions. moby/moby#50373 - Go SDK: registry: remove deprecated
RepositoryInfo.OfficialandRepositoryInfo.Classfield. moby/moby#50498 - Go SDK: registry: remove deprecated
Service.ResolveRepository(). moby/moby#50374 - Go SDK: Remove
buildkit.ClientOpts. moby/moby#50318 - Go SDK: remove
pkg/fileutils. moby/moby#50558 - Go SDK: Remove deprecated
IsNotFound,CommandAnnotationPlugin,CommandAnnotationPluginVendor,CommandAnnotationPluginVersion,CommandAnnotationPluginInvalid,CommandAnnotationPluginCommandPath,NamePrefix,MetadataSubcommandName,HookSubcommandName,Metadata, andReexecEnvvarfromcli-plugins/managerin favor of theircli-plugins/manager/metadataequivalents. docker/cli#6414 - Go SDK: remove deprecated
types/plugins/logdriverandtypes/swarm/runtimepackages; plugin-runtime spec is now exposed astypes/swarm.RuntimeSpecandtypes/swarm.RuntimePrivilege. moby/moby#50554 - Go SDK: remove deprecated
cli/command/formatterpackage. docker/cli#6406 - Go SDK: remove deprecated
cli/registry/clientpackage. docker/cli#6462 - Go SDK: remove deprecated
pkg/idtoolspackage. moby/moby#50456 - Go SDK: templates: remove deprecated
NewParsefunction. docker/cli#6453 - Hide the
--kernel-memoryoption ondocker runanddocker create, and produce a warning when used as it's no longer supported by the daemon and kernel. docker/cli#6455 - Remove
VirtualSizefield fromdocker image lsoutput when using JSON format. docker/cli#6524 - Remove
VirtualSizeformatting options and output. docker/cli#6524 - Remove API version compatibility for API version < v1.44 (Docker v24.0 and older). docker/cli#6551
- Remove deprecated
bind-nonrecursiveoption for--mount. docker/cli#6241 - Remove deprecated packages (
pkg/archive,pkg/chrootarchive,pkg/atomicwriter,pkg/reexec,pkg/platform,pkg/parsers),pkg/system.MkdirAll. For replacements, seegithub.com/moby/go-archive,github.com/moby/sysand the standard library. moby/moby#50208 - Remove special handling for quoted values for the
--tlscacert,--tlscert, and--tlskeycommand-line flags. docker/cli#6306 - Remove support for AutoRemove (
--rm) on API < 1.30. docker/cli#6525 - Remove support for loading legacy (pre-Docker 1.10) images. moby/moby#50324